Email authentication and confidentiality

General considerations

Authentication is sensible when you want to be exactly sure that

• a message received indeed has been sent from the sender's mailbox
• a message received has not been changed during a delivery process
• a message sender will not be able to repudiate it later

Confidentiality concerns the ability to

• send messages which no one can read without your permission
• receive messages which no one except you can read

In order to implement the mentioned above possibilities a new email Internet standard called S/MIME (Secure Multipurpose Internet Mail Extensions) has been developed on the base of already-existing MIME standard.

Authentication - digitally signed emails

So, to digitally sign email messages you need four things:

• You (actually, we need your email address from which you are going to send signed emails).
• "Stamp" with which you will sign your emails.
• A recipient of messages -  generally, a person who whish to be sure in authentication of a message origin.
• An authority - the one whom both you and the recipient trust (What is a certificate authority?).

When you have these necessary things you should take the following course of action:

1. Go to the authority and ask them to identify you (note that the authority proves the identity of your email address rather than your identity). This is done by issuing a digital certificate which is an electronic analog of an identity card. In our terms this digital certificate is your special "stamp" to sign the emails. (How to get a digital certificate?)
2. In fact, a certificate ("stamp") obtained from the authority consists of two parts: private and public (called public and private keys  in cryptographic theory)
   • private part is directly used to sign the emails and therefore should be secret from others
   • the recipients certify the sender's authenticity using public part which is not secret and can be safely given to anyone.
3. Install your digital certificate from the authority on your mail client software (How to install a digital certificate in Outlook Express?).
4. Extract a public key from the certificate and share (just send with a letter or deliver it in any other way) it with the desired recipients. (How to extract a public key?)
5. After you have created a message, sign it using an appropriate option of your mail client (How to sign a message in Outlook Express?)
6. Send a signed message as usual.

What is necessary to receive and read encrypted emails:

1. You should have your own certificate (pairs of keys) obtained from an authority installed on your mail client
2. Provide a "sender" from which you wish to receive encrypted emails with your public key to install on his or her email client software (How to set up Outlook Express for working with encrypted emails?)
3. After creating a message, the sender has to encrypt it using something like "Encrypt" option of the email software.

What is necessary to compose and send encrypted emails:

1. You need a public key of a recipient to whom you are going to send encrypted email messages
2. Install a recipient's public key on your email client software (How to install someone's public key in Outlook Express?)
3. After you have composed a message, encrypt it using an "Encrypt" feature of your email program. Note: after completing the encryption, you will no longer be able to read the encrypted message because it can be decrypted only by a recipient's private key.